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Abstract 



We give a direct, purely arithmetical and elementary proof of the strong 
' normalization of the cut-ehmination procedure for full (i.e. in presence of all 

I the usual connectives) classical natural deduction. 

; 1 Introduction 

This paper gives a direct proof of the strong normalization of the cut-elimination 
procedure for full propositional classical logic. By full we mean that all the connec- 
tives {—>■, A and V) and _L (for the absurdity) are considered as primitive and they 
have their intuitionistic meaning. As usual, the negation is defined by -lA — A ^_L. 
It is well known that, when the underlying logic is the classical one (i.e. the 
, absurdity rule is allowed) these connectives are redundant since, for example, V 

' and A can be coded by using — > and _L. From a logical point of view, considering 

ly-^ , the full logic is thus somehow useless. However, from the computer science point of 

' view, considering the full logic is interesting because, by the so-called Curry-Howard 

On . isomorphism, formulas can be seen as types for functional programming languages 

' and correct programs can be extracted from proofs. For that reason various systems 

have been studied in the last decades (see, for example, [2, 4, 5, 12, 14, 15, 17, 22]) 
both for intuitionistic and classical logic. The connectives A and V have a functional 
counter-part (A corresponds to a product and V to a co-product, i.e. a case of) and 
' it is thus useful to have them as primitive. 

Until very recently (see the introduction of [7] for a brief history), no proof of 
the strong normalization of the cut-elimination procedure was known for full logic. 
In [7], de Groote gives such a proof by using a CPS-style transformation from full 
classical logic to intuitionistic logic with as the only connective, i.e. the simply 
typed A-calculus. A very elegant and direct proof of the strong normalization of the 
full logic is given in [11] but only the intuitionistic case is given. 

We give here another proof of de Groote's result. This proof is based on a proof 
of the strong normalization of the simply typed A-calculus due to the first author 
(see [8]) which, itself, is a simplification of the one given by Matthes in [11]. After 
this paper had been written we were told by Curien and some others that this 
kind of technique was already present in van Daalen (see [27]) and Levy (see [13]). 
The same idea is used in [10] to give a short proof of the strong normalization of 
the simply typed A/z-calculus of [17]. Apart the fact that this proof is direct (i.e. 
uses no translation into an other system whose strong normalization is known) and 
corresponds to the intuition (the main argument of the proof is an induction on 
the complexity of the cut-formula) we believe that our technique is quite general 
and may be used in other circumstances. A crucial lemma of our proof is used 
in [16] to give a semantical proof of the strong normalization. Finally [9] uses 



1 



the same technique to give an elementary proof of the strong normahzation of a 
typed A-calculus with expHcit substitutions which, from the logical point of view, 
correspond to explicit cuts and weakenings. 



2 The typed system 

We code proofs by using a set of terms (denoted T) which extends the A/i-terms of 
Parigot [17] and is given by the following grammar where x,y, ... are (intuitionistic) 
variables and a,b,... are (classical) variables: 

T::=x\ XxT \ {T £) \ {T,T) \ uj^T \ uj^T \ naT | (a T) 

5 ::= T I TTi I 7r2 I [x.T,y.'T] 

The meaning of the new constructors is given by the typing rules of figure 1 

below where F is a context, i.e. a set of declarations of the form x : A and a : 
where x is an intuitionistic variable, a is a classical variable and A is a formula. 

Note that, since we only are concerned with the logical point of view, we should 
only consider typed terms, i.e. use a A-calculus a la Church. However, for the 
simplicity of notation, the set of terms has been given in an untyped formalism i.e. 
we use a A-calculus a la Curry. 

Ti h M : A T2'r N -.B T \- M : At ^ A2 
ax — — - — ■ — . , . ,,. : — Ai -— — — - — : — A„ 



T,x:A^x:A Ti, Ta h (M, TV) : A B ' T ^ [M -Ki) : A 

T,x: A'r M : B T^'^ M : A^ B T^'^ N : A 

r h XxM -.A^B ri,r2 \- {M N):B 

T\-M:Ai 

r h LJiM :AiVA2 ^' 

Th M : AiV A2 ri,xi:Ai'rNi:C Fz, X2 : A2 h jVa : C 

r,ri,r2h(M[a;i.iVi,.X2.iV2]) :C 

T,a: ^Ah M : ± , T, a : ^A \- M : A , 

absi ; ; absp 

r h iiaM -.A ' r h (a M) : _L 

Figure 1. 

This coding is essentially the same as in [1] and [7]. We have adopted the 
notations of [1] which are also used by [11]: what is written WiM in [7] is written 
(M TTi) here and S{M,Xi.Ni,X2.N2) in [7] is written (M [xi.Ni, X2.N2]) here. These 
notations have the advantage of making the permutative and classical reduction 
rules more uniform and thus simplifies the proofs. 

The cut-elimination procedure corresponds to the reduction rules given below. 
There are three kinds of cuts. 

Logical cuts: they appear when the introduction of a connective {—>■, A and V) 
is immediately followed by its elimination. The corresponding rules are: 



• {XxM N)!>M[x := N] 

• ((Mi,M2) TTi) > Mi 

• {uJiM [xi.Ni,X2.N2])^Ni[xi := M] 



Permutative cuts : they appear when the elimination rule of the disjunction is 
followed by the elimination rule of a connective. They arc considered as cuts because 
a logical cut may be hidden by the Ve rule. Considering these cuts is necessary to 
get the sub-formula property. The corresponding rule is: 
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. (M [x^.N^,X2.N2] e)>(M [x^.{Ni e),X2.{N2 s)]) 

Classical cuts : they appear when the classical rule is followed by the elimination 
rule of a connective. The corresponding rule is: 

• {fiaM e) t> iJ,aM[a :—* e] where M[a :=* e] is obtained by replacing each 
sub-term of M of the form (a N) by (a {N e)). 

Notation 2.1 Let M be in E. 

1. M>M' means that M reduces to M' by using one step of the reduction rules 
given above. As usual, i>+ (resp. >*) is the transitive (resp. reflexive and 
transitive) closure of>. 

2. M is strongly normalizable (this is denoted by M & SN) if there is no infinite 
sequence of> reductions. 

Remark If M [yi.iVi, |/2-A^2], M > M' means that M' is cither [?yi.7V{, ^2-^2] 
or [yi.Ni,y2.N^] where A^i > N{ or N2 > N^. It is thus clear that M G SN iS 
Ni,N2e SN. 

The following result is straightforward. 
Lemma 2.1 (Subject reduction) IfT h M : A and M >* N then T \- N : A. 

The goal of this paper is the proof of theorem 2.1 below. 

Theorem 2.1 Every typed term is strongly normalizable. 

The proof is an immediate corollary of theorem 4.1: if M, N G SN, then M[x := 
N] e SN. 

The proof of theorem 4.1 uses a characterization of strongly normalizable (the- 
orem 3.1): a term is in SN iff its arguments and head rcduct (sec definition 3.3) 
are in SN. This theorem needs another result (theorem 3.2) which is, intuitively, 
very clear but whose formal proof needs some work. 

The main difficulties arc the following: 

- The first one is minor: in the A-calculus, each term has a unique head, either a 
head variable or a head redex. Due to the connective A, this is no longer true here 
and a term may have both a head variable and a head redox. This is treated by 
showing that it is enough to consider only the simple terms (see definition 3.1). 

- The second one is crucial and due to the presence of critical pairs such as 
{fj,a.M [yi.iVi, i;2.^2] =)• Wo can choose as head rcdex cither the classical one or the 
permutative one. If we choose the classical one, the proof of theorem 3.1 will be 
easy but the proof of theorem 4.1 does not work because, in the rule Vg, the type 
of the main hypothesis has nothing to do with the type of its conclusion. We thus 
have to choose, as head redex, the permutative one but then, theorem 3.1 needs the 
difficult theorem 3.2. For the same reason (the rule Ve), the proof of theorem 4.1 
needs a rather complex induction: we use a 5-tuple of integers. Note that E. Tahhan 
Bittar [3] has given a proof of the strong normalization of the sequent calculus by 
using essentially the same 5-tuple of integers. 

Remark It is also for simplicity of proofs that, in the totality of this section, we only 

consider typed terms and thus, for example, that terms such as {XxM [xi.Ni, .T2.-/V2]) 
are not allowed because they, obviously, cannot be typed since the type of XxM must 
be an implication. Actually, theorems 3.1 and 3.2 would also be true for untyped 
terms i.e. even if terms as {XxM [.xi.iVi, .X2.-^2]) were allowed and its proof will be 
essentially the same since such a term is strongly normalizable iff M, Ni , N2 also 
are strongly normalizable. 
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3 Characterization of strongly normalizable terms 

Definition 3.1 1. A term M is simple if M either is a variable or an applica- 
tion. 

2. The set of contexts is given by the following grammar: 

C := *i I XxC I oJiC I (Ci, C2) I fiaC 

3. If C is a context with holes *i, *„ and Mi, M„ are terms, C[Mi, M„] 
is the term obtained by replacing each *i by Mj. 

Lemma 3.1 Each term M can be uniquely written as C[Mi, ...,M„] where C is a 
context and Mi, Mn are simple terms. 

Proof By induction on M. □ 

Lemma 3.2 Let C be a context and Mi,...,M„ be terms. Then C[Mi,...,M„] e 
SN iffMi,...,Mn e SN. 

Proof By induction on C. □ 

Definition 3.2 (and notation) A (possibly empty) sequence N = Ni,...,Nn of 
elements of £ is nice if each Ni gTL) {7ri,7r2} except possibly for i = n. If M is a 
term, {M Ni...Nn) will be denoted as (M N). 

Lemma 3.3 (and definition) Let M be a simple term. 

1. Then M can be uniquely written as one of the cases of the figure below where 
T = Ti,...,Tn is a nice sequence and, in case (4) and (5), e T is also nice, 
i.e. if e = [2/i--/Vi, j/2--^2] then T is empty. 

2. The set of arguments of M (denoted as arg{M)) and the head of M (denoted 
as hd{M) ), either a redex or a variable, are defined by the figure below. 

3. The head reduct of M ( denoted as hred{M) ) is the term obtained by reducing, 
if any, the head redex of M. 





M 


hd{M) 


arg{M) 





{x T ) or (a T) 


x or a 


{Ti,...,T„} orT 


1 


{XxN T) 


{XxN O) 


{O} 


2 


{{Ni,N2) Tr,T) 


{{Ni,N2)Tri) 


{Ni,N2} 


3 


[lO^N [xi.Oi,X2.02]) 


M 


{N, 01,02} 


4 


iljaN e T) 


{lJ.aN e) 


{e} 


5 


{N[xi.Oi,X2.02]eT) 


(AT [x1.OuX2.O2] s) 






Proof Since M is simple, and for trivial typing reasons, it looks like either (a) 
{x 'S) or (a S) or (b) {XxN O 5) or (c) {{Ni,N2) tt^ S) or (d) {wiN [x1.OuX2.O2] 5) 
or (e) {fj,aN e S). If S is empty the result is clear. 

Otherwise, assume first S is nice. The cases (a), (b) and (c) are clear. Case (d) 
gives (5). Case (e) gives (5) if £ = [yi.A^i, 2/2-/V2] or (4) otherwise. 

Assume finally S is not nice. Then S can be written as Si[yi.Ni,y2.N2]S2 
where 5*2 is nice and non empty. It is then easy to see that, in all cases, this gives 
(5) where sl = eT. 

For uniqueness, check easily (by looking wether T has an [j/i.A^i, j/2--^2] or not) 
that if M is in case to 4 it cannot also be in case 5. □ 
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Theorem 3.1 Let M be a simple term. If M has an head redex, then M G SN 
iffarg{M) C SN and hred{M) e SN. Otherwise, M e SN iff arg{M) C SN. 

Proof The case of an head variable is trivial. Case 1 of the figure of lemma 3.3 
is done as follows. Since hred{M) e SN, N and T are in SN. Thus and since T 
is nice, an infinite reduction of M must look like: M t>* {XxNi Oi Ti) t> {Ni[x := 
Oi] Ti) > .... The contradiction comes from the fact (see lemma 3.4 below) that 
hred{M) >* {Ni[x := Oi] Ti). Cases 2, 3, 4 are similar. 

Case 5 is theorem 3.2 below. □ 

Lemma 3.4 Let M,N e T. Assume M > M' and N > N' . Let a (resp. a') be 
either [x := N] or [a :=* N] (resp. [x := N'] or [a :=* N']). Then M[a] > M'[a] 
andM[a] M[a']. 

Proof Straightforward. □ 

Theorem 3.2 Assume the sequences V is nice andS2 = {N [xi. {Ni e),X2- {N2 s)] 
V) G SN. Then Si = (M [xi. Ni,X2. N2] eV)€ SN. 

Proof See section 5. □ 



4 Proof of theorem 2.1 

By induction on M. The cases x, XxN, {N, O), ujiN, (a N) and iJ,aN arc immediate. 
The last case is M = (A^ e) = {x e)[x := N] where a; is a fresh variable and the 
result follows from the induction hypothesis and theorem 4.1 below. □ 

Definition 4.1 Let M be a term. Then, cxty{M) is the number of symbols occur- 
ring in M and, if M & SN, r]{M) is the length of the longest reduction of M. 

In lemma 4.1 and theorem 4.1 below, a denotes a substitution of the form 
[xi := Ni / i = l...n], i.e. we substitute only intuitionistic variables. 

Lemma 4.1 Let M be a simple term with an head redex and a be a substitu- 
tion. Then, hd{M[a]) = hd{M)[a], arg{M[a]) = arg{M)[a] and hred{M[cr]) = 
hred{M)[a]. 

Proof Immediate. □ 

Theorem 4.1 Let M G SN be a term and a be a substitution. Assume that 
the substituted variables all have the same type and, for all x, a{x) e SN. Then 
M[a] G SN. 

Proof 

The proof is by induction on {lgt{a)) , r]{M) , cxty{M) , r]{a) , cxty{a)) where lgt{a) 
is the number of connectives in the type of the substituted variables and r]{a) 
(resp. cxty{a)) is the sum of the r]{N) (resp. cxty{N)) for the N that are ac- 
tually substituted, i.e. for example if cr = [a; := N\ and x occurs n times in M, 
then rj{a) = n.r]{N) and cxty{a) = n.cxty{N). The induction hypothesis will be 
abbreviated as IH. 

By the IH and lemmas 3.2 and 3.1 we may assume that M is simple. Consider 
then the various cases of lemma 3.3. 

• If M has an head redex: by lemma 4.1 and the IH, arg{M[a]) C SN since 
for each N G arg{M), cxty{N) < cxty{M). By lemma 4.1, hred{M[(7]) = 
hred{M)[a] and thus, since r]{hred{M)) < t]{M), hred{M[a]) G SN follows 
from the IH 
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• Otherwise, if the head variable is a classical variable or an intuitionistic vari- 
able not in the domain of a, the result is trivial. 

• Otherwise, i.e M = {x T) 

— If hd{M[<j\) is a variable, the result is trivial. 

— If hd{M[a\) = hd{a{x)): let M' = z T where z is a fresh variable and 
a' be the substitution defined as follows cr'(z) = hred{a{x)) and, for the 
variables y occurring in T, (j'{y) = cr(j/). Then, hred{M[a]) = M'[a'] 
and thus, by the IH, hred{M[a]) G SN since r/(cr') < r?((T). 

— Otherwise, the head redex has been created by the substitution. The 
various cases are: 

1. M = {x O'S) and (t(x) = XyN. By the IH, arg{M[a]) C SN and thus, by 
theorem 3.1, we have to show that P {N[y := 0[a]] S[c7]) e SN. By the IH, 
{z S\a]) e SN and since lgt{0[a]) < lgt{XyN), N[y := 0[a]] e SN . Thus 
P={z S\a\)[z := N[y := 0[ct]]] e SN since lgt(N[y := 0[ct]]) < lgt{\yN). 

2. M = {x ■Ki'S) and a{x) = {Ni,N2) or M = {x [xi.Mi,X2-M2]) and a{x) = 
WiN. The proof is similar. 

3. M = {x [xi.Mi,X2-M2]) and a{x) = iiaN. By the IH, arg{M[a\) C SN and 
thus (by theorem 3.1) we have to show P ~ fiaN[a :—* [xi.Pi,X2-P2]] £ SN 
where, for i = 1,2, Pi = Mi[a]. Since cxty{Mi) < cxty{M), the fact that 
Pi e SN follows from the IH. The result is thus a particular case of the claim 
below. 

Claim Let Pi,P2,T £ SN and ai,...,a„ be variables of type ^{A V B). 
Let T[t] denotes T[ai :=* [P\ / i = l...n] where [P] is an abbreviation for 
[xi.Pi,X2.P2]. Then T[r] e SA^. 

Proof By induction on {r]{T),cxty{T)). We may assume that T is simple. 
Consider the various cases of lemma 3.3. 

• If T has an head redex, the result follows immediately from /ff and lemma 
4.1. 

• Otherwise and if the head variable of T is not in r, the result is trivial. 

• Otherwise and because of the type of the Ui, T = {a V) where V gT. It 
is thus enough to prove that (V[t] [P]) S SN and, for that, it is enough 
to show that its head reduct Q S SN. The various cases are: 

- V = uJiW and Q = Pi[xi := W[t]]. By the IH, W[t] G SN since 
cxty(W) < cxty{T) and thus, since lgt{W) < lgt{N), Q e SN 
follows from the main IH (recall we arc "inside" the proof of theorem 
4.1, type{W) = AoT type{W) = B and type{N) = Ay B). 

-V = nhW and Q = /x6VF[t][6 :=* [P]] = fih W[t'] where r' = 
rU [6 :=* [P]]. Since cxty{W) < cxty{T), the result follows from the 
IH. 

— V = (We) and e is not in the form [xi.Wi,X2.W2]. Then, the head 
redex of {V[t] [P]) must come from V and Q = {V'[t] [P]) for 
some V such that V t> V . Let T' = (a V). Since r){T') < r]{T), 
T'[t] G SN. But T'[t] > Q and thus Q G SN. 

-V={W [x1.WuX2.W2]) andQ = {W[t] [xi.{Wi[t] [P]),X2.{W2[t] [P])]). 
Let Tj = {a Wj). Since cxty{Tj) < cxty{T), by the IH, T,[t] G SN 
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and thus {Wj[t] [P]) e SN since Tj[t] > {Wj[t] [P]). By the IH, 
since cxty(W) < cxty(T), W[t] e SN. By theorem 3.1, it is thus 
enough to show that Q' = hred{Q) S SN. 

If hd{Q) comes from W, the result follows from the IH. Otherwise, 
the various cases are: 

* W = uj,W' and Q' = {W,[t] [P])[x, := W'[t]]. Let T' = 
{aW,[x, := W']). Then T = (a {uj^W [xi.l^i, xa-Wa])) > T'. 
By the IH, T' [t] e SN and the result follows from the fact that 

r[T]^{w,[p])[x, ■.= w'][t] = q'. 

* If = nbW otW= {W [xi.Wi,X2.W^]): the proof is similar. 

4. M = {x e T ), e ^ [xi.Mi, xa-Ma] and a{x) = fiaN. We prove exactly as in 
case 3 that {^aN e[a]) e SN. To prove that M[a] e SN, it is enough to use 

the same trick as in case 1: M[(t] = (z T[(t])[z := (paN s[<t])] where 2; is a 
fresh variable and the IH gives the result since lgt{z) < lgt{x). 

5. M = {x [xi.Mi,X2.M2]) and a{x) = {N3 [yi.Ni,y2.N2]). By theorem 3.1, 
it is enough to show P = {N3 [yi.{Ni [P]),y2.{N2 [P])]) G SN where, for 
i = 1,2, Pi = Mi[a] and {N, [P]) is a notation for {Ni [xi.Pi, xa.Pa]). Let 
M' = [z [xi.Mx,X2.M2\) where 2: be a fresh variable. For i = 1,2, let cXi = aU 
[z := Ni]. By the IH, M'[ai] e SN since r}{(j') < r]{a) and cxty{a') < cxty{a). 
Then {N, [P]) £ SN since M'[(7,] > {Ni [P]). By theorem 3.1, it is thus enough 
to show that Q = hred{P) e SN. 

If hd{P) comes from W , the result follows from the IH. Otherwise, the various 
cases are: 

• N3= ujiN^ and Q = {N,[x, := iV^] [P]). Let M' = [z [xi.Mi,X2.M2]) 
where z is a fresh variable and a' = a \J {[z := Ni[xi := N^]}. Then 
Q = M'[a'] e SN since t]{(t') < f]{a) and cxty{a') < cxty{a). 

• N3 = fiaN^ or A^3 = (Q3 [yi.Qi,y2-Q2])- The proof is similar. 

6. li M = {x e T), e ^ [xi.Mi. X2.M2] and a{x) = {N3 [xi.Ni,X2.N2]). We 
prove exactly as in case 5 that (7V3 [xi.A^i, cca.A^a] ^[c]) G SN. To prove 
that M[a] e SN, it is enough to use the same trick as in case 1: M[a] = 
{z T[(t])[z := {N3 [xi.Ni,X2.N2] ^[ct])] where 2; is a fresh variable and the IH 
gives the result since lgt{z) < lgt{x). 

□ 



5 Proof of theorem 3.2 

The idea of the proof is the following: we show that an infinite reduction of 5*1 can 
be translated into an infinite reduction of ^2 . These reductions are the same except 
that, m S\, e can be far away from the N^. We mark e and the Ni to keep their 
trace. This gives the set of marked terms T' of definition 5.1. The correct terms of 
definition 5.3 intuitively are the marked terms for which each marked Ni knows who 
is the corresponding marked e. Concretely, being correct is a sufficient condition to 
ensure that a reduction in the marked Si can be translated to the corresponding 

The main difficulty of the proof consists in writing precise definitions. The proofs 

of the lemmas consist in easy but tedious verifications. 

Important remark. The proof is uniform in the sequence e V . In definition 5.1 
below, we implicitly assume the following: if we are proving theorem 3.2 for £ € T 
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(resp. £ = TTi, £ = [yi. Mi, 2/2- M2]) then, in the sub-terms of the form o^/, we 
necessarily have e' £ T (resp. e' = ttj, e' = [yi. Qi,t/2- <92])- Note that we could 
also assume that e' is a reduct of £ but this does not really matter for the proof. 
However, in the case £ = [yi- -Pi, 2/2- -P2], since the sequence £ F is nice V is empty 
and this must appear in the proof. We will do the proof only for £ e T or £ = TTj. 
The proof for the case e = [yi. -Pi, 2/2- P2] is essentially the same: we just have to 
add an third condition in definition 5.3 and check in the lemmas that this condition 
is preserved. This new condition is given in the final remark of this section. 

Definition 5.1 1. Let T' be the set of terms obtained from T by adding new 

constructors: Ojy and where N G T and e G £ are closed. 

2. The reduction rules for T' are the ones of T plus the following: 

• If N \> N' f/ien Ojv Ojv' and oj^ ]> oj^i . 

• (ojv o^)>{N e). 

3. Let ► be the congruence defined by the following reduction rules: 

• (M [xi.Ni,X2.N2] Oe) ► (M [xi.{Ni 0,),X2.{N2 Oe)]) 

• {/laM o^) ^ fiaM[a :=* o^] 

Comments 

An element of T' is a term in T where some sub-terms have been replaced by 
terms as On or Og where N G T and e G £ and, in particular, have no sub-terms as 
Oat/ or Og/. It is assumed, in the definition, that the N and e occurring in o^v or 
are closed. In fact, they are allowed to have free variables (both intuitionistic and 
classical) but it is assumed that these variables will never be captured and thus act 
as constants. 

Definition 5.2 Let M 

1. M is acceptable iff M = or M = fxaMi and, for each sub-term of M of 
the form {a N), N is acceptable or M = {N [xi.Ni,X2-N2]) and Ni,N2 are 

acceptable. 

2. If M is acceptable, the set st{M) of terms is defined by: st{<>j\j) = {oac}, 
st{iiaMi) = \j{st{S) I (a S) sub-term of Mi} and st{{N [xi.Ni,X2.N2])) = 
st{Ni)Ust{N2). 

Lemma 5.1 Let M gT' be an acceptable term. 

1. If a is a substitution either of the form [x := N] or [a :=* N], then M[a] is 
acceptable and st{M[a]) = st{M). 

2. IfM\>M', then M' is acceptable and st{M') C st{M). 

Proof By induction on M. (1) trivial. For (2) use (1). □ 

Definition 5.3 A term M G T' is correct if the following conditions hold. 

1. Each occurrence of a term of the form appears as {U o^) for some acceptable 
term U. 

2. For each sub-term of M of the form On there is a sub-term (necessarily unique) 
of the form {U Og) such that Ojv belongs to st{U). The corresponding e is 
denoted as eps{N) 
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Examples 

• Assume M,N,0,P,e are closed terms. Then A = (M [a;i.Ojv, a;2.0o] Oe P) 

is correct. 

• Assume M, N, O, P, Q, R, S, £i, £2 are closed terms. Then B = 

{M [xi.{N [yi. Oo,2/2- l^aP] o^J, a;2.(/(x6(6 /tic(c {Q [zi-i^dR, Z2.0s]))) Oes)]) is 
correct. 

Lemma 5.2 If M is correct and M t> M' , then M' is correct. 

Proof Let (U o^) be a sub-term of M. A reduction can be, either in e or in t/ 
or between U and s or, finally, above {U Og). Since U is acceptable and by using 
lemma 5.1 it is easy to check that, in each case the conditions of correctness are 
still satisfied. □ 

Lemma 5.3 Let M be a correct term. 

1. M has no sub-term of the form {O On)- 

2. If (ojv O) is a sub-term of M , then O = for some e. 

Proof Otherwise, let {U o^) be the sub-term such that ojv € st{U). The result 
follows easily from the fact that U is acceptable. □ 

Definition 5.4 Let M €T . 

L Ti{M) is the term obtained by replacing Ojy by N and by e. 

2. If M is a sub-term of a correct term, T2{M) is the term obtained by replacing 
each occurrence of [U o^) by U' where U' is obtained from U by replacing each 
occurrence of on such that e = eps{N) is a sub-term of M by {N e). 

Comments and examples 

1. If M itself is correct, T2{M) e T. Otherwise, some Ojv that are related to a 
Og outside M are not replaced. We need this more general definition for the 
proof of lemma 5.4. 

2. If M is correct, Ti(M) i>* T2(M). More precisely T2(M) = Ti(M') where M' 
is the normal form of M for the rules ►. Since we will not use this result, we 

do not prove it. 

3. Let A, B be the terms of the previous example. Then 

Ti{A) = [M [xi.N,x2.0] eP) and r2(A) = (M [xi.{N e),X2.{0 e)] P). 

T,{B) = (M [xUN [yi. 0,y2. f^aP] e{),X2.{y.b{b iic{c (Q [zi.iidR,Z2.S]))) £2)]) 
and T2{B) = (M [xi.{N [j/i. (O £i),y2- iJ,aP]),X2.lJ,b{b iJ,c{c {Q [zi./idR, 

Z2.{Se2)])m- 

Lemma 5.4 Let M <E T' be correct. If Ti(M) \> N, there is a correct term M' 
such that M >+ M' and Ti{M') = TV. 

Proof Let R be the redex that has been reduced. By lemma 5.3, the only cases 
to consider are: 

• There is a redex 6" in M such that R = Ti{S). The result follows then from 
lemma 5.3. 

• There is a sub-term of M of the form Ojv or o^, such that i? is a sub-term of 
A'' or £. The result is then trivial. 

• Finally, R = {Ti{U) e) where {U o^) is a sub-term of M, the result follows 
from the fact that U is acceptable. □ 
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Lemma 5.5 Let P = [M O) he a sub-term of a correct term. Assume O ^ 
and P \> P' by reducing the redex P. Then, T2{P) t>* T2{P'). 

Proof It is, for example, straightforward to check that, if M = XxMi, then 
T2(P) = {XxT2{Mi) T2(0)) and T2{P') = T2{Mi)[x := T2(0)]. The other cases are 
similar. □ 

Lemma 5.6 Assume M = {N o^) is a sub-term of a correct term. Then, 

• r2(M) = r2((r2(7V) o,)). 

• If N has no sub-terms of the form o^i and N\>N' then, T2{M)t>* T2{{N' Oe)). 
Proof Straightforward. □ 

Lemma 5.7 Let M is a sub-term of a correct term. If M > M' , then T2{M) >* 
T2iM'). Moreover, if T2{M) = T2{M'), then M ► M' . 

Proof By induction on {nh{M) , cxty{M)) where nh{M) is the number of sub- 
terms of the form in M. The only non trivial case is M = {N O). 

• Assume 0^o,_. If M' = (TV' O) where iV > iV' or M' = {N O') where O > C, 
the result is trivial. Otherwise, M itself is the reduced redex and the result 
comes from lemma 5.5. 

• Assume = 0^. If M itself is the reduced redex then T2(M) = T2(M') and 
M ► M' . If M' = (N Ogi) where e > e' , the result is trivial. Otherwise, 
i.e. M' = {N' o^) where N>N'. If nb{N) = 0, the result follows from lemma 
5.6(2). Otherwise, by the induction hypothesis, T2{N)\>*T2{N') and the result 
comes from lemma 5.6. □ 



Lemma 5.8 Let M be a correct term. Then M is strongly normalizable for 
the ► reduction. 

Proof If M is correct, let lg{M) be the sum of the length of the path (i.e. the 
number of nodes in the tree representing M) relating the o^r to the corresponding 
o^. It is easy to see that, if M ► M', then lg{M') < lg{M). □ 

Proof of theorem 3.2 

Assume S2 G SN and 6*1 ^ SN. Let {Ui) be a sequence of terms such that 

Uq = Si and, for each i, Ui>Ui^i. Let M = {N [xi. Oni,X2. 0N2] °e V). By using 
lemma 5.4, we get a sequence of correct terms Mi such that, for each i, Mi >+ M^+i 
and Ti(Mi) = U^. By lemma 5.7, T2{Mi) \>* T2{Mi+i). Since ^2 = T2(M) € SN, 
there is an io such that, for i > io, T2(Mj) = T2(Mj+i) and thus, by lemma 5.7, 
Mi ►+ Mj+i. This contradicts lemma 5.8. □ 

Remark. _^ 

Assume that, in theorem 3.2, e = [yi.Qi,y2.Q2]. If V were not empty, the proof 
of lemma 5.4 would not work because a redex could be created by the transformation 
Ti. Here is an example: let M = {P V) be correct and assume Ti{M) ~ 
{P [yi-Qi,y2-Q2] V)>N={P [yi.(gi V),y2.{Q2 V)]). There is no way to find M' 
such that M>M' and Ti(M') = N because (P V) is not a redex. 

We do not know wether theorem 3.2 remains true if the sequence e V is not 
nice: to prove it, (P V) should then be considered as a redex but T' becomes 
much more complicated. Since e is nice, it is simpler to add a new condition in 
the definition 5.3 of correctness to ensure that this situation (of the creation of a 
redex by the transformation Ti) does not appear. This condition is the following: 
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3. M is good wrt the set of all its sub-terms of the form {U o^). 

where, if is a subset of T', M is good wrt to E is defined by: M £ E ov 
M = ixa N and for each occurrence of (a N) in M, A'' is good wrt to S or M = 
{N [a;i.iVi,a;2.iV2]) and Ni,N2 are good wrt to E. 

This condition implies in particular that, in a correct term, there is no sub-term 
of the form {N U) and thus that lemma 5.4 remains valid. It is not difficult to 
check that the other lemmas remain also valid. 
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